public void TestVerifyFalseKey()
{
Dictionary<string, string> insertedData = createRequestData();
insertedData.Remove("secret");
insertedData.Add("secret", "shk5");
String value = "";
insertedData.TryGetValue("email", out value);
string authorization = value;
insertedData.TryGetValue("secret", out value);
authorization += value + "mg24";
Request request = new Request(null, RestService.Web_Service.RestMethods.GET, insertedData, null, authorization);
try
{
Authenticator.VerifyHash(request);
Assert.Fail("No exception was thrown");
}
catch (Exception e)
{
Assert.AreEqual("No such clientKey exists", e.Message);
}
}
public void TestTokenHandler()
{
DatabaseConnection db = new DatabaseConnection("SMU");
PreparedStatement stmt = db.Prepare("SELECT * FROM user_account WHERE id = 14");
SqlDataReader reader = db.Query(null, stmt); ;
User user = null;
while (reader.Read())
{
int id = reader.GetInt32(reader.GetOrdinal("id"));
string userEmail = reader.GetString(reader.GetOrdinal("email"));
string userPassword = reader.GetString(reader.GetOrdinal("password_hash"));
//TODO userdata has to be fetched witht he rast of the data
user = new User(id, userEmail, userPassword, null);
}
Token token = TokenHandler.getToken(user.email, user.password);
Console.WriteLine(token.token);
Request preRequest = new Request(null, 0, null, null, token.token);
Request postRequest = TokenHandler.validateTokenAndGetUser(preRequest);
Assert.IsTrue(user.id == postRequest.user.id);
}
public void TestVerifyFalseHash()
{
Dictionary<string, string> insertedData = createRequestData();
String value = "";
insertedData.TryGetValue("email", out value);
string authorization = value;
insertedData.TryGetValue("secret", out value);
authorization += value + "mg24";
authorization = SHAEncrypter.SHAEncrypt(authorization);
insertedData.Remove("email");
insertedData.Add("email", "*****@*****.**");
Request request = new Request(null, RestService.Web_Service.RestMethods.GET, insertedData, null, authorization);
Assert.IsFalse(Authenticator.VerifyHash(request));
}
public static Request validateTokenAndGetUser(Request request)
{
string emailAndPassword = DecryptToken(request.authorization);
string [] emailAndPasswordArray = emailAndPassword.Split(new string[] { ":::" }, StringSplitOptions.None);
string email = emailAndPasswordArray[0];
string password = emailAndPasswordArray[1];
DateTime expires;
try
{
expires = DateTime.Parse(emailAndPasswordArray[2]);
}
catch (Exception ex)
{
Console.WriteLine(ex.ToString());
throw new Exception("Token is invalid");
}
if (DateTime.Now.CompareTo(expires) > 0)
{
Exception ex = new Exception("The token is expired");
ex.Data.Add("errorCode", 201);
throw ex;
}
else
{
User user = GetUser(email, password);
if (user == null)
{
throw new Exception("Token is invalid");
}
else
{
request.user = user;
return request;
}
}
}
/**
* The method will return false if it at any point is unable to verify
* the hash. This can be due to the hash not being present in the request,
* or the requestHash not matching the verificationHash.
*/
public static bool VerifyHash(Request request)
{
string requestHash = request.authorization;
/**
* Declaring verificationString here as part of creating the correct
* string using an unknown amount of data.
*/
string verificationString = "";
foreach (KeyValuePair<string, string> dataPair in request.data)
{ verificationString += dataPair.Value; }
string hashKey = "";
if (request.data.TryGetValue("secret", out hashKey))
{ verificationString += GetSecretKey(hashKey); }
else
{ throw new Exception("Hashkey not found. Cannot look up secretKey"); }
string verificationHash = SHAEncrypter.SHAEncrypt(verificationString);
if (verificationHash.Equals(requestHash)) { return true; }
return false;
}